1. Field of the Invention
The present invention relates to systems for detection of undesired computer programs in network communications and other sources of input data.
2. Description of Related Art
Systems are vulnerable to malicious computer programs in a variety of settings. In theory, these vulnerabilities should be eliminated through disciplined coding practices, including routines for strong validation of system input. In practice, vulnerability-free software has been difficult to achieve.
For a vulnerability to be successfully exploited, code from the unwanted program must be present in system input. This code is sometimes referred to as shell code. Shell code consists of either directly executable instructions, such as would run on a microprocessor, or higher-level programming language instructions suitable for interpretation.
Many attempts have been made to reliably identify attacks by unwanted programs. Methods include, but are not limited to, processes that rely on signatures for known attacks, on heuristics to recognize patterns similar to known attacks, on regular expressions that attempt to identify problematic code, on statistical analysis of system input to identify code, and on controlled execution of systems using unknown input to monitor application behavior in an instrumented environment. None of these strategies represents a completely reliable mechanism for identifying problematic input.
It is desirable therefore to provide technology to improve the security of data flows between data processing systems, without imposing undue burdens, such as delays, costs or increases in latency, on the users of the communication channels.